CVE-2018-2446

EUVD-2018-14301
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
sapbusinessobjects_business_intelligence
4.1
sapbusinessobjects_business_intelligence
4.2
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/105089
https://launchpad.support.sap.com/#/notes/2633846
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
http://www.securityfocus.com/bid/105089
https://launchpad.support.sap.com/#/notes/2633846
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742